mrok 0.6.0__tar.gz → 0.8.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- mrok-0.8.0/.dockerignore +1 -0
- {mrok-0.6.0 → mrok-0.8.0}/.github/workflows/pr-build-merge.yaml +42 -1
- {mrok-0.6.0 → mrok-0.8.0}/.github/workflows/release.yml +46 -0
- {mrok-0.6.0 → mrok-0.8.0}/.gitignore +2 -0
- mrok-0.8.0/.pre-commit-config.yaml +65 -0
- {mrok-0.6.0 → mrok-0.8.0}/PKG-INFO +9 -3
- {mrok-0.6.0 → mrok-0.8.0}/README.md +5 -0
- mrok-0.8.0/charts/README.md +106 -0
- mrok-0.8.0/charts/mrok-controller/Chart.yaml +7 -0
- mrok-0.8.0/charts/mrok-controller/templates/_helpers.tpl +63 -0
- mrok-0.8.0/charts/mrok-controller/templates/configmap.yaml +19 -0
- mrok-0.8.0/charts/mrok-controller/templates/deployment.yaml +82 -0
- mrok-0.8.0/charts/mrok-controller/templates/secret.yaml +11 -0
- mrok-0.8.0/charts/mrok-controller/templates/service.yaml +16 -0
- mrok-0.8.0/charts/mrok-controller/values.yaml +13 -0
- mrok-0.8.0/charts/mrok-frontend/Chart.yaml +7 -0
- mrok-0.8.0/charts/mrok-frontend/templates/_helpers.tpl +63 -0
- mrok-0.8.0/charts/mrok-frontend/templates/configmap.yaml +13 -0
- mrok-0.8.0/charts/mrok-frontend/templates/deployment.yaml +94 -0
- mrok-0.8.0/charts/mrok-frontend/templates/secret.yaml +13 -0
- mrok-0.8.0/charts/mrok-frontend/templates/service.yaml +16 -0
- mrok-0.8.0/charts/mrok-frontend/values.yaml +7 -0
- mrok-0.8.0/compose.yml +262 -0
- {mrok-0.6.0 → mrok-0.8.0}/dev.Dockerfile +3 -2
- mrok-0.8.0/errors/error_template.html +19069 -0
- mrok-0.8.0/errors/error_template.json +5 -0
- mrok-0.8.0/mrok/agent/devtools/inspector/__main__.py +5 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/devtools/inspector/app.py +407 -112
- mrok-0.8.0/mrok/agent/devtools/inspector/utils.py +149 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/bootstrap.py +2 -2
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/register/extensions.py +7 -9
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/register/instances.py +13 -16
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/unregister/extensions.py +7 -11
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/unregister/instances.py +12 -12
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/frontend/run.py +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/main.py +17 -1
- mrok-0.8.0/mrok/cli/utils.py +31 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/conf.py +15 -7
- {mrok-0.6.0/mrok/proxy → mrok-0.8.0/mrok}/constants.py +5 -2
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/app.py +12 -10
- mrok-0.8.0/mrok/controller/auth/__init__.py +11 -0
- mrok-0.8.0/mrok/controller/auth/backends.py +60 -0
- mrok-0.8.0/mrok/controller/auth/base.py +38 -0
- mrok-0.8.0/mrok/controller/auth/manager.py +31 -0
- mrok-0.8.0/mrok/controller/auth/registry.py +17 -0
- mrok-0.8.0/mrok/frontend/app.py +143 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/frontend/main.py +8 -5
- mrok-0.8.0/mrok/frontend/middleware.py +35 -0
- mrok-0.8.0/mrok/frontend/utils.py +83 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/logging.py +24 -22
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/app.py +13 -5
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/middleware.py +7 -8
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/models.py +36 -10
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/ziticorn.py +8 -17
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/api.py +4 -4
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/bootstrap.py +0 -5
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/identities.py +11 -10
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/services.py +6 -6
- {mrok-0.6.0 → mrok-0.8.0}/pyproject.toml +9 -4
- {mrok-0.6.0 → mrok-0.8.0}/scripts/ziti.sh +0 -2
- mrok-0.8.0/settings.yaml +49 -0
- {mrok-0.6.0 → mrok-0.8.0}/sonar-project.properties +1 -1
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_delete_headers.svg +249 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_headers.svg +249 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_payload.svg +247 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_preview.svg +247 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_preview_binary.svg +248 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_raw_response.svg +251 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_get_raw_response_binary.svg +248 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_hide_metrics.svg +241 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_non_200_headers[400].svg +247 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_non_200_headers[500].svg +248 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_post_headers.svg +248 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_post_json_body.svg +247 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_post_preview_body_truncated.svg +248 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_post_preview_multipart.svg +246 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_terminal_too_small[0-1].svg +235 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_terminal_too_small[1-0].svg +239 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_terminal_too_small[1-1].svg +235 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_terminal_too_small_dismiss.svg +184 -0
- mrok-0.8.0/tests/agent/devtools/inspector/__snapshots__/test_app/test_app_terminal_too_small_resize_auto_dismiss.svg +245 -0
- mrok-0.8.0/tests/agent/devtools/inspector/test_app.py +372 -0
- mrok-0.8.0/tests/agent/devtools/inspector/test_server.py +25 -0
- mrok-0.8.0/tests/agent/devtools/inspector/test_utils.py +163 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/__snapshots__/test_inspector/test_inspector_app.svg +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/__snapshots__/test_inspector/test_inspector_app_empty_card.svg +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/__snapshots__/test_inspector/test_inspector_app_filed_store_connection.svg +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/__snapshots__/test_inspector/test_inspector_app_open_card.svg +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/admin/test_bootstrap.py +2 -2
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/admin/test_list.py +4 -4
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/admin/test_unregister.py +2 -2
- mrok-0.8.0/tests/cli/agent/test_dev.py +44 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/conftest.py +194 -26
- {mrok-0.6.0 → mrok-0.8.0}/tests/controller/test_auth.py +6 -6
- {mrok-0.6.0 → mrok-0.8.0}/tests/controller/test_extensions.py +12 -12
- {mrok-0.6.0 → mrok-0.8.0}/tests/controller/test_instances.py +5 -5
- mrok-0.8.0/tests/frontend/test_app.py +309 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/frontend/test_main.py +8 -1
- mrok-0.8.0/tests/frontend/test_middleware.py +60 -0
- mrok-0.8.0/tests/frontend/test_utils.py +46 -0
- mrok-0.8.0/tests/proxy/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_config.py +1 -2
- mrok-0.8.0/tests/proxy/test_models.py +159 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_server.py +4 -6
- mrok-0.8.0/tests/types.py +63 -0
- mrok-0.8.0/tests/ziti/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/ziti/test_api.py +20 -19
- {mrok-0.6.0 → mrok-0.8.0}/tests/ziti/test_bootstrap.py +10 -10
- {mrok-0.6.0 → mrok-0.8.0}/tests/ziti/test_identities.py +27 -28
- {mrok-0.6.0 → mrok-0.8.0}/tests/ziti/test_services.py +20 -20
- {mrok-0.6.0 → mrok-0.8.0}/uv.lock +846 -519
- mrok-0.6.0/.pre-commit-config.yaml +0 -29
- mrok-0.6.0/docker-compose.yaml +0 -82
- mrok-0.6.0/mrok/agent/devtools/__main__.py +0 -34
- mrok-0.6.0/mrok/agent/devtools/inspector/__main__.py +0 -25
- mrok-0.6.0/mrok/cli/commands/agent/utils.py +0 -5
- mrok-0.6.0/mrok/cli/utils.py +0 -5
- mrok-0.6.0/mrok/constants.py +0 -4
- mrok-0.6.0/mrok/controller/auth.py +0 -87
- mrok-0.6.0/mrok/frontend/app.py +0 -75
- mrok-0.6.0/mrok/proxy/utils.py +0 -90
- mrok-0.6.0/settings.yaml +0 -27
- mrok-0.6.0/snapshot_report.html +0 -807
- mrok-0.6.0/tests/frontend/test_app.py +0 -89
- mrok-0.6.0/tests/types.py +0 -29
- {mrok-0.6.0 → mrok-0.8.0}/.github/actions/setup-python-env/action.yml +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/.github/workflows/assets/turing_team_pr_bot.png +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/.github/workflows/notify-pr-closed.yaml +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/.github/workflows/notify-pr-reviewed.yml +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/.python-version +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/LICENSE.txt +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/entrypoint.sh +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/devtools/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/devtools/inspector/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/devtools/inspector/server.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/sidecar/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/sidecar/app.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/sidecar/main.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/agent/ziticorn.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/list/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/list/extensions.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/list/instances.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/register/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/unregister/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/admin/utils.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/dev/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/dev/console.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/dev/web.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/run/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/run/asgi.py +1 -1
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/agent/run/sidecar.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/controller/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/controller/openapi.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/controller/run.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/commands/frontend/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/cli/rich.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/dependencies/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/dependencies/conf.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/dependencies/ziti.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/openapi/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/openapi/examples.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/openapi/utils.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/pagination.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/routes/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/routes/extensions.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/routes/instances.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/controller/schemas.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/errors.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/frontend/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/asgi.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/backend.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/event_publisher.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/exceptions.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/master.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/metrics.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/stream.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/proxy/worker.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/types/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/types/proxy.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/types/ziti.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/constants.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/errors.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/mrok/ziti/pki.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/prod.Dockerfile +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/__init__.py +0 -0
- {mrok-0.6.0/tests/agent/sidecar → mrok-0.8.0/tests/agent/devtools}/__init__.py +0 -0
- {mrok-0.6.0/tests/cli → mrok-0.8.0/tests/agent/devtools/inspector}/__init__.py +0 -0
- {mrok-0.6.0/tests/cli/admin → mrok-0.8.0/tests/agent/sidecar}/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/test_app.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/sidecar/test_main.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/agent/test_ziticorn.py +0 -0
- {mrok-0.6.0/tests/cli/agent → mrok-0.8.0/tests/cli}/__init__.py +0 -0
- {mrok-0.6.0/tests/cli/controller → mrok-0.8.0/tests/cli/admin}/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/admin/test_register.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/admin/test_utils.py +0 -0
- {mrok-0.6.0/tests/cli/frontend → mrok-0.8.0/tests/cli/agent}/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/agent/test_run.py +1 -1
- {mrok-0.6.0/tests → mrok-0.8.0/tests/cli}/controller/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/controller/test_openapi.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/controller/test_run.py +0 -0
- {mrok-0.6.0/tests → mrok-0.8.0/tests/cli}/frontend/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/frontend/test_run.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/cli/test_main.py +0 -0
- {mrok-0.6.0/tests/proxy → mrok-0.8.0/tests/controller}/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/controller/test_openapi.py +0 -0
- {mrok-0.6.0/tests/ziti → mrok-0.8.0/tests/frontend}/__init__.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_app.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_asgi.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_backend.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_event_publisher.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_lifespan.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_master.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_metrics.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_middleware.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_protocol.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_stream.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/proxy/test_worker.py +0 -0
- {mrok-0.6.0 → mrok-0.8.0}/tests/ziti/test_pki.py +0 -0
mrok-0.8.0/.dockerignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
.venv
|
|
@@ -51,12 +51,52 @@ jobs:
|
|
|
51
51
|
run: uv run bandit -c pyproject.toml -r . -f json -o bandit.json
|
|
52
52
|
|
|
53
53
|
- name: Run tests
|
|
54
|
+
id: run-tests
|
|
54
55
|
run: uv run pytest
|
|
55
56
|
|
|
57
|
+
- name: Upload snapshot report on test failure
|
|
58
|
+
if: ${{ failure() && steps.run-tests.outcome == 'failure' }}
|
|
59
|
+
uses: actions/upload-artifact@v4
|
|
60
|
+
with:
|
|
61
|
+
name: snapshot-report-${{ matrix.python-version }}
|
|
62
|
+
path: snapshot_report.html
|
|
63
|
+
if-no-files-found: warn
|
|
64
|
+
|
|
65
|
+
helm-checks:
|
|
66
|
+
runs-on: ubuntu-latest
|
|
67
|
+
|
|
68
|
+
steps:
|
|
69
|
+
- uses: actions/checkout@v4
|
|
70
|
+
|
|
71
|
+
- name: Set up Helm
|
|
72
|
+
uses: azure/setup-helm@v4
|
|
73
|
+
|
|
74
|
+
- name: Lint mrok-controller
|
|
75
|
+
run: |
|
|
76
|
+
helm lint charts/mrok-controller
|
|
77
|
+
|
|
78
|
+
- name: Render mrok-controller
|
|
79
|
+
run: |
|
|
80
|
+
helm template test charts/mrok-controller \
|
|
81
|
+
--values charts/mrok-controller/values.yaml \
|
|
82
|
+
> /dev/null
|
|
83
|
+
|
|
84
|
+
- name: Lint mrok-frontend
|
|
85
|
+
run: |
|
|
86
|
+
helm lint charts/mrok-frontend
|
|
87
|
+
|
|
88
|
+
- name: Render mrok-frontend
|
|
89
|
+
run: |
|
|
90
|
+
helm template test charts/mrok-frontend \
|
|
91
|
+
--values charts/mrok-frontend/values.yaml \
|
|
92
|
+
> /dev/null
|
|
93
|
+
|
|
56
94
|
build:
|
|
57
95
|
runs-on: ubuntu-latest
|
|
58
96
|
timeout-minutes: 10
|
|
59
|
-
needs:
|
|
97
|
+
needs:
|
|
98
|
+
- test
|
|
99
|
+
- helm-checks
|
|
60
100
|
|
|
61
101
|
steps:
|
|
62
102
|
- uses: actions/checkout@v4
|
|
@@ -81,6 +121,7 @@ jobs:
|
|
|
81
121
|
run: uv sync --all-extras --dev
|
|
82
122
|
|
|
83
123
|
- name: Run tests
|
|
124
|
+
id: run-tests
|
|
84
125
|
run: uv run pytest
|
|
85
126
|
|
|
86
127
|
- name: Compute added/removed lines for notification
|
|
@@ -56,6 +56,52 @@ jobs:
|
|
|
56
56
|
- name: Docker image digest
|
|
57
57
|
run: echo ${{ steps.docker_build.outputs.digest }}
|
|
58
58
|
|
|
59
|
+
|
|
60
|
+
helm-charts:
|
|
61
|
+
runs-on: ubuntu-latest
|
|
62
|
+
timeout-minutes: 10
|
|
63
|
+
needs: [ set-version ]
|
|
64
|
+
steps:
|
|
65
|
+
- name: Checkout
|
|
66
|
+
uses: actions/checkout@v5
|
|
67
|
+
with:
|
|
68
|
+
fetch-depth: 0
|
|
69
|
+
|
|
70
|
+
- name: 'Get the version'
|
|
71
|
+
id: get_version
|
|
72
|
+
run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT"
|
|
73
|
+
|
|
74
|
+
- name: Install yq (snap)
|
|
75
|
+
run: |
|
|
76
|
+
sudo snap install yq
|
|
77
|
+
|
|
78
|
+
- name: Patch Helm chart versions
|
|
79
|
+
run: |
|
|
80
|
+
for chart in charts/mrok-controller charts/mrok-frontend; do
|
|
81
|
+
yq e -i ".version = \"${{ steps.get_version.outputs.VERSION }}\"" "$chart/Chart.yaml"
|
|
82
|
+
yq e -i ".appVersion = \"${{ steps.get_version.outputs.VERSION }}\"" "$chart/Chart.yaml"
|
|
83
|
+
done
|
|
84
|
+
|
|
85
|
+
- name: Package Helm charts
|
|
86
|
+
run: |
|
|
87
|
+
helm package charts/mrok-controller
|
|
88
|
+
helm package charts/mrok-frontend
|
|
89
|
+
|
|
90
|
+
- name: Helm registry login
|
|
91
|
+
run:
|
|
92
|
+
echo ${{ secrets.REGISTRY_PASSWORD }} | helm registry login ${{ vars.REGISTRY_LOGIN_SERVER }} \
|
|
93
|
+
--username ${{ vars.REGISTRY_USERNAME }} \
|
|
94
|
+
--password-stdin
|
|
95
|
+
|
|
96
|
+
- name: Push Helm charts to ACR (OCI)
|
|
97
|
+
run: |
|
|
98
|
+
helm push mrok-controller-${{ steps.get_version.outputs.VERSION }}.tgz \
|
|
99
|
+
oci://${{ vars.REGISTRY_LOGIN_SERVER }}/gha/helm
|
|
100
|
+
|
|
101
|
+
helm push mrok-controller-${{ steps.get_version.outputs.VERSION }}.tgz \
|
|
102
|
+
oci://${{ vars.REGISTRY_LOGIN_SERVER }}/gah/helm
|
|
103
|
+
|
|
104
|
+
|
|
59
105
|
dtrack:
|
|
60
106
|
uses: softwareone-platform/ops-template/.github/workflows/dependency-track-python-uv.yml@v1
|
|
61
107
|
with:
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
default_language_version:
|
|
2
|
+
python: python3.12
|
|
3
|
+
exclude: (^|/)__snapshots__/.*\.svg$|errors/.*\.html$
|
|
4
|
+
repos:
|
|
5
|
+
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
6
|
+
rev: v5.0.0
|
|
7
|
+
hooks:
|
|
8
|
+
- id: check-added-large-files
|
|
9
|
+
- id: check-toml
|
|
10
|
+
- id: check-yaml
|
|
11
|
+
exclude: ^charts/
|
|
12
|
+
args:
|
|
13
|
+
- --unsafe
|
|
14
|
+
- id: end-of-file-fixer
|
|
15
|
+
- id: trailing-whitespace
|
|
16
|
+
- repo: https://github.com/astral-sh/ruff-pre-commit
|
|
17
|
+
rev: v0.10.0
|
|
18
|
+
hooks:
|
|
19
|
+
- id: ruff
|
|
20
|
+
args:
|
|
21
|
+
- --fix
|
|
22
|
+
- id: ruff-format
|
|
23
|
+
- repo: https://github.com/PyCQA/bandit
|
|
24
|
+
rev: "1.8.0"
|
|
25
|
+
hooks:
|
|
26
|
+
- id: bandit
|
|
27
|
+
args:
|
|
28
|
+
- -c
|
|
29
|
+
- pyproject.toml
|
|
30
|
+
- -r
|
|
31
|
+
- .
|
|
32
|
+
|
|
33
|
+
- repo: local
|
|
34
|
+
hooks:
|
|
35
|
+
- id: helm-lint
|
|
36
|
+
name: helm lint
|
|
37
|
+
entry: >
|
|
38
|
+
bash -c '
|
|
39
|
+
if ! command -v helm >/dev/null 2>&1; then
|
|
40
|
+
echo "WARNING: helm not installed, skipping helm lint";
|
|
41
|
+
exit 0;
|
|
42
|
+
fi;
|
|
43
|
+
for chart in charts/*/Chart.yaml; do
|
|
44
|
+
helm lint "$(dirname "$chart")";
|
|
45
|
+
done
|
|
46
|
+
'
|
|
47
|
+
language: system
|
|
48
|
+
pass_filenames: false
|
|
49
|
+
|
|
50
|
+
- repo: local
|
|
51
|
+
hooks:
|
|
52
|
+
- id: helm-template
|
|
53
|
+
name: helm template
|
|
54
|
+
entry: >
|
|
55
|
+
bash -c '
|
|
56
|
+
if ! command -v helm >/dev/null 2>&1; then
|
|
57
|
+
echo "WARNING: helm not installed, skipping helm template";
|
|
58
|
+
exit 0;
|
|
59
|
+
fi;
|
|
60
|
+
for chart in charts/*/Chart.yaml; do
|
|
61
|
+
helm template test "$(dirname "$chart")" > /dev/null;
|
|
62
|
+
done
|
|
63
|
+
'
|
|
64
|
+
language: system
|
|
65
|
+
pass_filenames: false
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: mrok
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.8.0
|
|
4
4
|
Summary: MPT Extensions OpenZiti Orchestrator
|
|
5
5
|
Author: SoftwareOne AG
|
|
6
6
|
License: Apache License
|
|
@@ -214,6 +214,7 @@ Requires-Dist: fastapi[standard]<0.120.0,>=0.119.0
|
|
|
214
214
|
Requires-Dist: gunicorn<24.0.0,>=23.0.0
|
|
215
215
|
Requires-Dist: hdrhistogram<0.11.0,>=0.10.3
|
|
216
216
|
Requires-Dist: httpcore<2.0.0,>=1.0.9
|
|
217
|
+
Requires-Dist: multipart<2.0.0,>=1.3.0
|
|
217
218
|
Requires-Dist: openziti<2.0.0,>=1.3.1
|
|
218
219
|
Requires-Dist: psutil<8.0.0,>=7.1.3
|
|
219
220
|
Requires-Dist: pydantic<3.0.0,>=2.11.7
|
|
@@ -223,8 +224,8 @@ Requires-Dist: pyyaml<7.0.0,>=6.0.2
|
|
|
223
224
|
Requires-Dist: pyzmq<28.0.0,>=27.1.0
|
|
224
225
|
Requires-Dist: rich<15.0.0,>=14.1.0
|
|
225
226
|
Requires-Dist: textual-serve<2.0.0,>=1.1.3
|
|
226
|
-
Requires-Dist: textual<
|
|
227
|
-
Requires-Dist: typer<0.
|
|
227
|
+
Requires-Dist: textual[syntax]<8.0.0,>=7.2.0
|
|
228
|
+
Requires-Dist: typer<1.0.0,>=0.21.1
|
|
228
229
|
Requires-Dist: uvicorn-worker<0.5.0,>=0.4.0
|
|
229
230
|
Description-Content-Type: text/markdown
|
|
230
231
|
|
|
@@ -240,6 +241,7 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
|
|
|
240
241
|
- **Agent** – Runs alongside an extension in two modes:
|
|
241
242
|
- *Sidecar mode*: proxies traffic between the Ziti network and a local TCP or Unix socket.
|
|
242
243
|
- *Embeddable mode*: integrates with ASGI servers (e.g. Uvicorn) to serve a Python application directly.
|
|
244
|
+
- **Frontend** - Proxies internet request to a specific extension through the OpenZiti network.
|
|
243
245
|
- **CLI** – A command-line tool for administrative tasks and for running the agent in either mode.
|
|
244
246
|
|
|
245
247
|
## Key Features
|
|
@@ -247,5 +249,9 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
|
|
|
247
249
|
- Zero-trust networking with automatic balancing across Extension instances.
|
|
248
250
|
- Simple API and CLI for managing services and identities.
|
|
249
251
|
|
|
252
|
+
## Development
|
|
253
|
+
The included docker compose starts a local Ziti Network (controller + router) and mrok (controller and frontend).
|
|
254
|
+
|
|
255
|
+
|
|
250
256
|
## License
|
|
251
257
|
[Apache 2.0](LICENSE)
|
|
@@ -10,6 +10,7 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
|
|
|
10
10
|
- **Agent** – Runs alongside an extension in two modes:
|
|
11
11
|
- *Sidecar mode*: proxies traffic between the Ziti network and a local TCP or Unix socket.
|
|
12
12
|
- *Embeddable mode*: integrates with ASGI servers (e.g. Uvicorn) to serve a Python application directly.
|
|
13
|
+
- **Frontend** - Proxies internet request to a specific extension through the OpenZiti network.
|
|
13
14
|
- **CLI** – A command-line tool for administrative tasks and for running the agent in either mode.
|
|
14
15
|
|
|
15
16
|
## Key Features
|
|
@@ -17,5 +18,9 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
|
|
|
17
18
|
- Zero-trust networking with automatic balancing across Extension instances.
|
|
18
19
|
- Simple API and CLI for managing services and identities.
|
|
19
20
|
|
|
21
|
+
## Development
|
|
22
|
+
The included docker compose starts a local Ziti Network (controller + router) and mrok (controller and frontend).
|
|
23
|
+
|
|
24
|
+
|
|
20
25
|
## License
|
|
21
26
|
[Apache 2.0](LICENSE)
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
# mrok Helm Charts
|
|
2
|
+
|
|
3
|
+
This directory contains Kubernetes Helm charts for deploying the mrok application stack.
|
|
4
|
+
|
|
5
|
+
## Charts Overview
|
|
6
|
+
|
|
7
|
+
### 1. mrok-controller
|
|
8
|
+
|
|
9
|
+
**Description:** Helm chart for deploying the mrok controller component.
|
|
10
|
+
|
|
11
|
+
**Purpose:** The mrok controller is the central management component that handles orchestration of OpenZiti network.
|
|
12
|
+
|
|
13
|
+
**Key Configuration Parameters:**
|
|
14
|
+
- `image.repository`: Container image repository (e.g., `<registry>/<org>/<image>`)
|
|
15
|
+
- `image.tag`: Container image tag (e.g., `<image-tag>`)
|
|
16
|
+
- `frontendDomain`: Domain for the frontend service
|
|
17
|
+
- `zitiBaseUrlsClient`: Ziti client API endpoint (e.g., `https://<ziti-client-api-host>`)
|
|
18
|
+
- `zitiBaseUrlsManagement`: Ziti management API endpoint (e.g., `https://<ziti-mgmt-api-host>`)
|
|
19
|
+
- `zitiAuthUsername`: Username for Ziti authentication (default: `admin`)
|
|
20
|
+
- `zitiAuthPassword`: Password for Ziti authentication
|
|
21
|
+
- `loggingDebug`: Enable debug logging (default: `false`)
|
|
22
|
+
- `loggingRich`: Enable rich logging output (default: `false`)
|
|
23
|
+
- `controllerAuthBackends`: Authentication backends (default: `['oidc']`)
|
|
24
|
+
- `controllerAuthOIDCConfigUrl`: OpenID Connect configuration URL
|
|
25
|
+
- `controllerAuthOIDCAudience`: OpenID Connect audience identifier
|
|
26
|
+
|
|
27
|
+
**Components Deployed:**
|
|
28
|
+
- Deployment: Runs the mrok controller service
|
|
29
|
+
- ConfigMap: Stores configuration data
|
|
30
|
+
- Secret: Stores sensitive credentials
|
|
31
|
+
- Service: Exposes the controller application
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
### 2. mrok-frontend
|
|
36
|
+
|
|
37
|
+
**Description:** Helm chart for deploying the mrok frontend component.
|
|
38
|
+
|
|
39
|
+
**Purpose:** The mrok frontend is the reverse proxy that allow to consume the extensions web application exposed through the OpenZiti network.
|
|
40
|
+
|
|
41
|
+
**Key Configuration Parameters:**
|
|
42
|
+
- `image.repository`: Container image repository (e.g., `<registry>/<org>/<image>`)
|
|
43
|
+
- `image.tag`: Container image tag (e.g., `<image-tag>`)
|
|
44
|
+
- `frontendDomain`: Domain for the frontend service
|
|
45
|
+
- `loggingDebug`: Enable debug logging (default: `false`)
|
|
46
|
+
- `loggingRich`: Enable rich logging output (default: `false`)
|
|
47
|
+
- `identityJson`: Identity JSON file for frontend authentication
|
|
48
|
+
|
|
49
|
+
**Components Deployed:**
|
|
50
|
+
- Deployment: Runs the mrok frontend service
|
|
51
|
+
- ConfigMap: Stores frontend configuration
|
|
52
|
+
- Secret: Stores sensitive data and identity files
|
|
53
|
+
- Service: Exposes the frontend application
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Common Template Files
|
|
59
|
+
|
|
60
|
+
Both charts follow a consistent structure with the following template files:
|
|
61
|
+
|
|
62
|
+
- **`_helpers.tpl`**: Contains reusable template helpers and label definitions
|
|
63
|
+
- **`configmap.yaml`**: Kubernetes ConfigMap for storing non-sensitive configuration
|
|
64
|
+
- **`deployment.yaml`**: Kubernetes Deployment specification
|
|
65
|
+
- **`secret.yaml`**: Kubernetes Secret for storing sensitive data (passwords, API keys, etc.)
|
|
66
|
+
- **`service.yaml`**: Kubernetes Service for exposing the application
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Installation
|
|
71
|
+
|
|
72
|
+
### Prerequisites
|
|
73
|
+
- Kubernetes cluster (1.19+)
|
|
74
|
+
- Helm 3.x
|
|
75
|
+
|
|
76
|
+
### Install mrok-controller
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
helm install mrok-controller ./mrok-controller -f values.yaml
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
### Install mrok-frontend
|
|
83
|
+
|
|
84
|
+
```bash
|
|
85
|
+
helm install mrok-frontend ./mrok-frontend -f values.yaml
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
## Configuration
|
|
91
|
+
|
|
92
|
+
Each chart includes a `values.yaml` file with default and placeholder values. Before deploying:
|
|
93
|
+
|
|
94
|
+
1. Copy the chart directory to your deployment location
|
|
95
|
+
2. Update `values.yaml` with your environment-specific values
|
|
96
|
+
3. Use `helm install` or `helm upgrade` to deploy
|
|
97
|
+
|
|
98
|
+
Example:
|
|
99
|
+
```bash
|
|
100
|
+
helm upgrade --install mrok-controller ./mrok-controller \
|
|
101
|
+
--set image.repository=myregistry.azurecr.io/mrok \
|
|
102
|
+
--set image.tag=1.0.0 \
|
|
103
|
+
--set frontendDomain=ext.example.com
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
---
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
{{/* vim: set filetype=mustache: */}}
|
|
2
|
+
{{/*
|
|
3
|
+
Expand the name of the chart.
|
|
4
|
+
*/}}
|
|
5
|
+
{{- define "common.name" -}}
|
|
6
|
+
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
7
|
+
{{- end -}}
|
|
8
|
+
|
|
9
|
+
{{/*
|
|
10
|
+
Create a default fully qualified app name.
|
|
11
|
+
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
12
|
+
If release name contains chart name it will be used as a full name.
|
|
13
|
+
*/}}
|
|
14
|
+
{{- define "common.fullname" -}}
|
|
15
|
+
{{- if .Values.fullnameOverride -}}
|
|
16
|
+
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
17
|
+
{{- else -}}
|
|
18
|
+
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
19
|
+
{{- if contains .Release.Name $name -}}
|
|
20
|
+
{{- $name | trunc 63 | trimSuffix "-" -}}
|
|
21
|
+
{{- else -}}
|
|
22
|
+
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
23
|
+
{{- end -}}
|
|
24
|
+
{{- end -}}
|
|
25
|
+
{{- end -}}
|
|
26
|
+
|
|
27
|
+
{{/*
|
|
28
|
+
Create chart name and version as used by the chart label.
|
|
29
|
+
*/}}
|
|
30
|
+
{{- define "common.chart" -}}
|
|
31
|
+
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
32
|
+
{{- end -}}
|
|
33
|
+
|
|
34
|
+
{{/*
|
|
35
|
+
Common labels
|
|
36
|
+
*/}}
|
|
37
|
+
{{- define "common.labels" -}}
|
|
38
|
+
helm.sh/chart: {{ include "common.chart" . }}
|
|
39
|
+
{{ include "common.selectorLabels" . }}
|
|
40
|
+
{{- if .Chart.AppVersion }}
|
|
41
|
+
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
42
|
+
{{- end }}
|
|
43
|
+
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
44
|
+
{{- end -}}
|
|
45
|
+
|
|
46
|
+
{{/*
|
|
47
|
+
Selector labels
|
|
48
|
+
*/}}
|
|
49
|
+
{{- define "common.selectorLabels" -}}
|
|
50
|
+
app.kubernetes.io/name: {{ include "common.name" . }}
|
|
51
|
+
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
52
|
+
{{- end -}}
|
|
53
|
+
|
|
54
|
+
{{/*
|
|
55
|
+
Create the name of the service account to use
|
|
56
|
+
*/}}
|
|
57
|
+
{{- define "common.serviceAccountName" -}}
|
|
58
|
+
{{- if .Values.serviceAccount.create -}}
|
|
59
|
+
{{ default (include "common.fullname" .) .Values.serviceAccount.name }}
|
|
60
|
+
{{- else -}}
|
|
61
|
+
{{ default "default" .Values.serviceAccount.name }}
|
|
62
|
+
{{- end -}}
|
|
63
|
+
{{- end -}}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
apiVersion: v1
|
|
2
|
+
kind: ConfigMap
|
|
3
|
+
metadata:
|
|
4
|
+
namespace: {{ .Release.Namespace }}
|
|
5
|
+
name: {{ include "common.fullname" . }}
|
|
6
|
+
labels:
|
|
7
|
+
{{- include "common.labels" . | nindent 4 }}
|
|
8
|
+
annotations:
|
|
9
|
+
"helm.sh/hook": pre-install,pre-upgrade
|
|
10
|
+
data:
|
|
11
|
+
MROK_FRONTEND__DOMAIN: {{ .Values.frontendDomain | quote }}
|
|
12
|
+
MROK_ZITI__AUTH__USERNAME: {{ .Values.zitiAuthUsername | quote }}
|
|
13
|
+
MROK_ZITI__BASE_URLS__CLIENT: {{ .Values.zitiBaseUrlsClient | quote }}
|
|
14
|
+
MROK_ZITI__BASE_URLS__MANAGEMENT: {{ .Values.zitiBaseUrlsManagement | quote }}
|
|
15
|
+
MROK_LOGGING__DEBUG: {{ .Values.loggingDebug | quote }}
|
|
16
|
+
MROK_LOGGING__RICH: {{ .Values.loggingRich | quote }}
|
|
17
|
+
MROK_CONTROLLER__AUTH__BACKENDS: {{ .Values.controllerAuthBackends | quote }}
|
|
18
|
+
MROK_CONTROLLER__AUTH__OIDC__OPENID_CONFIG_URL: {{ .Values.controllerAuthOIDCConfigUrl | quote }}
|
|
19
|
+
MROK_CONTROLLER__AUTH__OIDC__AUDIENCE: {{ .Values.controllerAuthOIDCAudience | quote }}
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
apiVersion: apps/v1
|
|
2
|
+
kind: Deployment
|
|
3
|
+
metadata:
|
|
4
|
+
namespace: {{ .Release.Namespace }}
|
|
5
|
+
name: {{ include "common.fullname" . }}
|
|
6
|
+
labels:
|
|
7
|
+
{{- include "common.labels" . | nindent 4 }}
|
|
8
|
+
spec:
|
|
9
|
+
replicas: {{ .Values.replicaCount }}
|
|
10
|
+
selector:
|
|
11
|
+
matchLabels:
|
|
12
|
+
{{- include "common.selectorLabels" . | nindent 6 }}
|
|
13
|
+
template:
|
|
14
|
+
metadata:
|
|
15
|
+
labels:
|
|
16
|
+
{{- include "common.labels" . | nindent 8 }}
|
|
17
|
+
spec:
|
|
18
|
+
containers:
|
|
19
|
+
- name: main
|
|
20
|
+
securityContext:
|
|
21
|
+
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
22
|
+
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
23
|
+
command:
|
|
24
|
+
- mrok
|
|
25
|
+
args:
|
|
26
|
+
- "controller"
|
|
27
|
+
- "run"
|
|
28
|
+
- "--host"
|
|
29
|
+
- "0.0.0.0"
|
|
30
|
+
- "--port"
|
|
31
|
+
- "8975"
|
|
32
|
+
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
33
|
+
envFrom:
|
|
34
|
+
- configMapRef:
|
|
35
|
+
name: {{ include "common.fullname" . }}
|
|
36
|
+
- secretRef:
|
|
37
|
+
name: {{ include "common.fullname" . }}
|
|
38
|
+
ports:
|
|
39
|
+
- name: http
|
|
40
|
+
containerPort: 8975
|
|
41
|
+
protocol: TCP
|
|
42
|
+
livenessProbe:
|
|
43
|
+
httpGet:
|
|
44
|
+
path: /healthcheck
|
|
45
|
+
port: http
|
|
46
|
+
initialDelaySeconds: 15
|
|
47
|
+
periodSeconds: 30
|
|
48
|
+
timeoutSeconds: 5
|
|
49
|
+
readinessProbe:
|
|
50
|
+
httpGet:
|
|
51
|
+
path: /healthcheck
|
|
52
|
+
port: http
|
|
53
|
+
initialDelaySeconds: 5
|
|
54
|
+
periodSeconds: 5
|
|
55
|
+
timeoutSeconds: 5
|
|
56
|
+
resources:
|
|
57
|
+
{{- toYaml .Values.resources | nindent 12 }}
|
|
58
|
+
{{- with .Values.nodeSelector }}
|
|
59
|
+
nodeSelector:
|
|
60
|
+
{{- toYaml . | nindent 8 }}
|
|
61
|
+
{{- end }}
|
|
62
|
+
affinity:
|
|
63
|
+
# Default affinity is set to ensure all pods are not located on the same node.
|
|
64
|
+
podAntiAffinity:
|
|
65
|
+
preferredDuringSchedulingIgnoredDuringExecution:
|
|
66
|
+
- weight: 100
|
|
67
|
+
podAffinityTerm:
|
|
68
|
+
labelSelector:
|
|
69
|
+
matchExpressions:
|
|
70
|
+
- key: app.kubernetes.io/name
|
|
71
|
+
operator: In
|
|
72
|
+
values:
|
|
73
|
+
- {{ include "common.name" . }}
|
|
74
|
+
- key: app.kubernetes.io/instance
|
|
75
|
+
operator: In
|
|
76
|
+
values:
|
|
77
|
+
- {{ .Release.Name }}
|
|
78
|
+
topologyKey: "kubernetes.io/hostname"
|
|
79
|
+
{{- with .Values.tolerations }}
|
|
80
|
+
tolerations:
|
|
81
|
+
{{- toYaml . | nindent 8 }}
|
|
82
|
+
{{- end }}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
apiVersion: v1
|
|
2
|
+
kind: Secret
|
|
3
|
+
metadata:
|
|
4
|
+
namespace: {{ .Release.Namespace }}
|
|
5
|
+
name: {{ include "common.fullname" . }}
|
|
6
|
+
labels:
|
|
7
|
+
{{- include "common.labels" . | nindent 4 }}
|
|
8
|
+
annotations:
|
|
9
|
+
"helm.sh/hook": pre-install,pre-upgrade
|
|
10
|
+
data:
|
|
11
|
+
MROK_ZITI__AUTH__PASSWORD: {{ .Values.zitiAuthPassword | b64enc }}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
apiVersion: v1
|
|
2
|
+
kind: Service
|
|
3
|
+
metadata:
|
|
4
|
+
namespace: {{ .Release.Namespace }}
|
|
5
|
+
name: {{ include "common.fullname" . }}
|
|
6
|
+
labels:
|
|
7
|
+
{{- include "common.labels" . | nindent 4 }}
|
|
8
|
+
spec:
|
|
9
|
+
type: ClusterIP
|
|
10
|
+
ports:
|
|
11
|
+
- port: 80
|
|
12
|
+
targetPort: 8975
|
|
13
|
+
protocol: TCP
|
|
14
|
+
name: http
|
|
15
|
+
selector:
|
|
16
|
+
{{- include "common.selectorLabels" . | nindent 4 }}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
image:
|
|
2
|
+
repository: <registry>/<org>/<image>
|
|
3
|
+
tag: <image-tag>
|
|
4
|
+
frontendDomain: <frontend-domain>
|
|
5
|
+
zitiBaseUrlsClient: https://<ziti-client-api-host>
|
|
6
|
+
zitiBaseUrlsManagement: https://<ziti-mgmt-api-host>
|
|
7
|
+
zitiAuthUsername: admin
|
|
8
|
+
zitiAuthPassword: "<ziti-admin-password>"
|
|
9
|
+
loggingDebug: "false"
|
|
10
|
+
loggingRich: "false"
|
|
11
|
+
controllerAuthBackends: "['oidc']"
|
|
12
|
+
controllerAuthOIDCConfigUrl: "https://<openid-config-host>/<openid-config-path>"
|
|
13
|
+
controllerAuthOIDCAudience: "http://<auth-audience-host>"
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
{{/* vim: set filetype=mustache: */}}
|
|
2
|
+
{{/*
|
|
3
|
+
Expand the name of the chart.
|
|
4
|
+
*/}}
|
|
5
|
+
{{- define "common.name" -}}
|
|
6
|
+
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
7
|
+
{{- end -}}
|
|
8
|
+
|
|
9
|
+
{{/*
|
|
10
|
+
Create a default fully qualified app name.
|
|
11
|
+
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
12
|
+
If release name contains chart name it will be used as a full name.
|
|
13
|
+
*/}}
|
|
14
|
+
{{- define "common.fullname" -}}
|
|
15
|
+
{{- if .Values.fullnameOverride -}}
|
|
16
|
+
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
17
|
+
{{- else -}}
|
|
18
|
+
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
19
|
+
{{- if contains .Release.Name $name -}}
|
|
20
|
+
{{- $name | trunc 63 | trimSuffix "-" -}}
|
|
21
|
+
{{- else -}}
|
|
22
|
+
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
23
|
+
{{- end -}}
|
|
24
|
+
{{- end -}}
|
|
25
|
+
{{- end -}}
|
|
26
|
+
|
|
27
|
+
{{/*
|
|
28
|
+
Create chart name and version as used by the chart label.
|
|
29
|
+
*/}}
|
|
30
|
+
{{- define "common.chart" -}}
|
|
31
|
+
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
32
|
+
{{- end -}}
|
|
33
|
+
|
|
34
|
+
{{/*
|
|
35
|
+
Common labels
|
|
36
|
+
*/}}
|
|
37
|
+
{{- define "common.labels" -}}
|
|
38
|
+
helm.sh/chart: {{ include "common.chart" . }}
|
|
39
|
+
{{ include "common.selectorLabels" . }}
|
|
40
|
+
{{- if .Chart.AppVersion }}
|
|
41
|
+
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
42
|
+
{{- end }}
|
|
43
|
+
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
44
|
+
{{- end -}}
|
|
45
|
+
|
|
46
|
+
{{/*
|
|
47
|
+
Selector labels
|
|
48
|
+
*/}}
|
|
49
|
+
{{- define "common.selectorLabels" -}}
|
|
50
|
+
app.kubernetes.io/name: {{ include "common.name" . }}
|
|
51
|
+
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
52
|
+
{{- end -}}
|
|
53
|
+
|
|
54
|
+
{{/*
|
|
55
|
+
Create the name of the service account to use
|
|
56
|
+
*/}}
|
|
57
|
+
{{- define "common.serviceAccountName" -}}
|
|
58
|
+
{{- if .Values.serviceAccount.create -}}
|
|
59
|
+
{{ default (include "common.fullname" .) .Values.serviceAccount.name }}
|
|
60
|
+
{{- else -}}
|
|
61
|
+
{{ default "default" .Values.serviceAccount.name }}
|
|
62
|
+
{{- end -}}
|
|
63
|
+
{{- end -}}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
apiVersion: v1
|
|
2
|
+
kind: ConfigMap
|
|
3
|
+
metadata:
|
|
4
|
+
namespace: {{ .Release.Namespace }}
|
|
5
|
+
name: {{ include "common.fullname" . }}
|
|
6
|
+
labels:
|
|
7
|
+
{{- include "common.labels" . | nindent 4 }}
|
|
8
|
+
annotations:
|
|
9
|
+
"helm.sh/hook": pre-install,pre-upgrade
|
|
10
|
+
data:
|
|
11
|
+
MROK_FRONTEND__DOMAIN: {{ .Values.proxyDomain | quote }}
|
|
12
|
+
MROK_LOGGING__DEBUG: {{ .Values.loggingDebug | quote }}
|
|
13
|
+
MROK_LOGGING__RICH: {{ .Values.loggingRich | quote }}
|