Updated litmus installation yaml and envs
Signed-off-by: Saranya-jena <[email protected]>
Saranya-jena committed Jul 10, 2024
1 parent 1d38715 commit 39b7cf5
Showing 8 changed files with 94 additions and 51 deletions.
12 changes: 6 additions & 6 deletions chaoscenter/authentication/api/main.go
@@ -197,17 +197,17 @@ func runRestServer(applicationService services.ApplicationService) {
routes.UserRouter(app, applicationService)
routes.ProjectRouter(app, applicationService)

log.Infof("Listening and serving HTTP on %s", utils.Port)
log.Infof("Listening and serving HTTP on %s", utils.RestPort)

if utils.EnableInternalTls {
if utils.TlsCertPath != "" && utils.TlSKeyPath != "" {
conf := utils.GetTlsConfig()
server := http.Server{
Addr: utils.PortHttps,
Addr: utils.RestPort,
Handler: app,
TLSConfig: conf,
}
log.Infof("Listening and serving HTTPS on %s", utils.PortHttps)
log.Infof("Listening and serving HTTPS on %s", utils.RestPort)
err := server.ListenAndServeTLS("", "")
if err != nil {
log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
@@ -216,8 +216,8 @@ func runRestServer(applicationService services.ApplicationService) {
log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
}
} else {
log.Infof("Listening and serving HTTP on %s", utils.Port)
err := app.Run(utils.Port)
log.Infof("Listening and serving HTTP on %s", utils.RestPort)
err := app.Run(utils.RestPort)
if err != nil {
log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
}
@@ -244,7 +244,7 @@ func runGrpcServer(applicationService services.ApplicationService) {
func runGrpcServerWithTLS(applicationService services.ApplicationService) {

// Starting gRPC server
lis, err := net.Listen("tcp", utils.GrpcPortHttps)
lis, err := net.Listen("tcp", utils.GrpcPort)
if err != nil {
log.Fatalf("Failure to start litmus-portal authentication server due to %s", err)
}
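Review bot: The `http.Server` literal in the TLS branch of `runRestServer` sets only `Addr`, `Handler` and `TLSConfig`, so the listener has no header-read or idle deadline and a slow client can hold connections open for as long as it likes. Since the literal is being edited anyway, I would add `ReadHeaderTimeout: 10 * time.Second,` next to `TLSConfig: conf,` (the value is a suggestion; pick what suits the deployment) and consider `ReadTimeout`/`IdleTimeout` as well. The plaintext branch calls `app.Run(utils.RestPort)`, which, if `app` is a gin engine, leaves no place to set these, so building an `http.Server` there too would make both paths consistent. The `http.Server` literal in chaoscenter/graphql/server/server.go has the same gap. `runRestServer` starts and ends outside the visible hunks.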
6 changes: 2 additions & 4 deletions chaoscenter/authentication/pkg/utils/configs.go
@@ -27,11 +27,9 @@ var (
TlsCertPath = os.Getenv("TLS_CERT_PATH")
TlSKeyPath = os.Getenv("TLS_KEY_PATH")
CaCertPath = os.Getenv("CA_CERT_TLS_PATH")
RestPort = os.Getenv("REST_PORT")
GrpcPort = os.Getenv("GRPC_PORT")
DBName = "auth"
Port = ":3000"
PortHttps = ":3001"
GrpcPort = ":3030"
GrpcPortHttps = ":3031"
UserCollection = "users"
ProjectCollection = "project"
AuthConfigCollection = "auth-config"
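Review bot: `RestPort = os.Getenv("REST_PORT")` and `GrpcPort = os.Getenv("GRPC_PORT")` replace built-in defaults with whatever the environment holds, so an unset or malformed variable reaches `net.Listen` and `http.Server` in api/main.go unchecked and the service may fail to start or bind an address nobody intended. The constants shown alongside carried a leading colon (`":3000"`), while the manifests in this commit supply bare numbers such as `3001` and main.go passes the value through unchanged, which `net.Listen` would reject as far as the visible code shows. I would resolve both variables through a small helper that keeps the old default, validates the port range and normalises the colon, as sketched below (it needs `strings` and `strconv`). The `var (` block starts and ends outside the hunk.

```go
// mustListenAddr returns the listen address for the port held in the
// environment variable key, as ":<port>". An unset variable yields def;
// anything that is not a TCP port number stops start-up instead of
// binding an unexpected address.
func mustListenAddr(key, def string) string {
	raw := strings.TrimPrefix(os.Getenv(key), ":")
	if raw == "" {
		return def
	}
	if n, err := strconv.Atoi(raw); err != nil || n < 1 || n > 65535 {
		panic(key + ": invalid port " + strconv.Quote(raw))
	}
	return ":" + raw
}

	// … unchanged: TLS path variables …
	RestPort = mustListenAddr("REST_PORT", ":3000")
	GrpcPort = mustListenAddr("GRPC_PORT", ":3030")
	// … unchanged: DBName and collection names …
```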
2 changes: 1 addition & 1 deletion chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go
@@ -30,7 +30,7 @@ func GetAuthGRPCSvcClient(conn *grpc.ClientConn) (protos.AuthRpcServiceClient, *
tlsCredential := credentials.NewTLS(conf)

// Set up a connection to the server.
conn, err = grpc.NewClient(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPortHttps, grpc.WithTransportCredentials(tlsCredential))
conn, err = grpc.NewClient(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPort, grpc.WithTransportCredentials(tlsCredential))
if err != nil {
logrus.Fatalf("did not connect: %v", err)
}
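Review bot: The TLS dial in `GetAuthGRPCSvcClient` now targets `utils.Config.LitmusAuthGrpcPort`, whose default in utils/variables.go is still `":3030"`, while the TLS manifests in this commit start the auth server with `GRPC_PORT` 3031. Unless the environment variable behind that field is overridden in every TLS deployment (not visible on this page), the client offers TLS to a port where nothing is listening and the failure only surfaces on the first RPC. I would document the coupling at the call, e.g. `// LitmusAuthGrpcPort must match the auth server's GRPC_PORT (3031 in the TLS manifests).`, and set the variable explicitly in those manifests. The function starts and ends outside the hunk.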
12 changes: 6 additions & 6 deletions chaoscenter/graphql/server/server.go
@@ -116,7 +116,7 @@ func main() {
log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
}
} else {
go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
go startGRPCServer(utils.Config.GrpcPort, mongodbOperator) // start GRPC serve
}

srv := handler.New(generated.NewExecutableSchema(graph.NewConfig(mongodbOperator)))
@@ -171,12 +171,12 @@ func main() {

if enableHTTPSConnection {
if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
log.Infof("graphql server running at https://localhost:%s", utils.Config.HttpsPort)
log.Infof("graphql server running at https://localhost:%s", utils.Config.RestPort)
// configuring TLS config based on provided certificates & keys
conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, true)

server := http.Server{
Addr: ":" + utils.Config.HttpsPort,
Addr: ":" + utils.Config.RestPort,
Handler: router,
TLSConfig: conf,
}
@@ -188,8 +188,8 @@ func main() {
log.Fatalf("Failure to start chaoscenter authentication GRPC server due to empty TLS cert file path and TLS key path")
}
} else {
log.Infof("graphql server running at http://localhost:%s", utils.Config.HttpPort)
log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
log.Infof("graphql server running at http://localhost:%s", utils.Config.RestPort)
log.Fatal(http.ListenAndServe(":"+utils.Config.RestPort, router))
}

}
@@ -214,7 +214,7 @@ func startGRPCServer(port string, mongodbOperator mongodb.MongoOperator) {
// startGRPCServerWithTLS initializes, registers services to and starts the gRPC server for RPC calls
func startGRPCServerWithTLS(mongodbOperator mongodb.MongoOperator) {

lis, err := net.Listen("tcp", ":"+utils.Config.RpcPortHttps)
lis, err := net.Listen("tcp", ":"+utils.Config.GrpcPort)
if err != nil {
log.Fatal("failed to listen: %w", err)
}
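Review bot: In `startGRPCServerWithTLS`, the line right after the changed `net.Listen` call is `log.Fatal("failed to listen: %w", err)`, which hands a format string to a non-formatting call, so the log shows a literal `%w`; that verb is only meaningful to `fmt.Errorf` in any case. With the port now taken from `utils.Config.GrpcPort`, a bad value is the most likely way to reach this line, so the message should name it: `log.Fatalf("failed to listen on :%s: %v", utils.Config.GrpcPort, err)`. The function body continues outside the hunk.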
7 changes: 2 additions & 5 deletions chaoscenter/graphql/server/utils/variables.go
@@ -23,14 +23,11 @@ type Configuration struct {
TlsCertB64 string `split_words:"true"`
LitmusAuthGrpcEndpoint string `split_words:"true" default:"localhost"`
LitmusAuthGrpcPort string `split_words:"true" default:":3030"`
LitmusAuthGrpcPortHttps string `split_words:"true" default:":3031"`
KubeConfigFilePath string `split_words:"true"`
RemoteHubMaxSize string `split_words:"true"`
SkipSslVerify string `split_words:"true"`
HttpPort string `split_words:"true" default:"8080"`
HttpsPort string `split_words:"true" default:"8081"`
RpcPort string `split_words:"true" default:"8000"`
RpcPortHttps string `split_words:"true" default:"8001"`
RestPort string `split_words:"true" default:"8080"`
GrpcPort string `split_words:"true" default:"8000"`
InfraCompatibleVersions string `required:"true" split_words:"true"`
DefaultHubGitURL string `required:"true" default:"https://github.com/litmuschaos/chaos-charts"`
DefaultHubBranchName string `required:"true" split_words:"true"`
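Review bot: The port fields of `Configuration` now mix two formats with nothing to tell an operator which one to supply: `LitmusAuthGrpcPort` defaults to `":3030"` with a leading colon, while `RestPort` and `GrpcPort` default to `"8080"` and `"8000"` without one and server.go prepends `":"` itself. A value such as `:8081` would therefore produce the address `::8081`, and the same field now serves both the HTTP and the HTTPS listener. I would add field comments, e.g. `// RestPort is the bare port number (no colon) of the HTTP or HTTPS listener, depending on the TLS setting.`, and an equivalent one for `GrpcPort`. The struct starts and ends outside the hunk.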
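--- a/chaoscenter/manifests/litmus-getting-started.yaml
+++ b/chaoscenter/manifests/litmus-getting-started.yaml
@@ -253,6 +253,10 @@ spec:
 value: ""
 - name: CA_CERT_TLS_PATH
 value: ""
+- name: REST_PORT
+value: 8080
+- name: GRPC_PORT
+value: 8000
 ports:
 - containerPort: 8080
 - containerPort: 8000
@@ -353,6 +357,10 @@ spec:
 value: ""
 - name: CA_CERT_TLS_PATH
 value: ""
+- name: REST_PORT
+value: 3000
+- name: GRPC_PORT
+value: 3030
 ports:
 - containerPort: 3000
 - containerPort: 3030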
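Review bot: The new `REST_PORT`/`GRPC_PORT` entries use unquoted numbers (`value: 8080`), but a container env `value` must be a string, so these manifests are expected to be rejected on apply; write `value: "8080"` and `value: "8000"`. For the container in the second hunk (ports 3000/3030) the value also has to match what the Go code consumes: chaoscenter/authentication/api/main.go passes `utils.RestPort` to the listener unchanged and the former built-in values were `":3000"`/`":3030"`, so a bare `"3000"` would probably not bind. The same applies to the `REST_PORT`/`GRPC_PORT` additions in litmus-installation.yaml and litmus-without-resources.yaml.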
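--- a/chaoscenter/manifests/litmus-installation.yaml
+++ b/chaoscenter/manifests/litmus-installation.yaml
@@ -279,6 +279,10 @@ spec:
 value: "/etc/tls/tls.key"
 - name: CA_CERT_TLS_PATH
 value: "/etc/tls/ca.crt"
+- name: REST_PORT
+value: 8081
+- name: GRPC_PORT
+value: 8001
 ports:
 - containerPort: 8081
 - containerPort: 8001
@@ -386,6 +390,10 @@ spec:
 value: "/etc/tls/ctls.key"
 - name: CA_CERT_TLS_PATH
 value: "/etc/tls/ca.crt"
+- name: REST_PORT
+value: 3001
+- name: GRPC_PORT
+value: 3031
 ports:
 - containerPort: 3001
 - containerPort: 3031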
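Review bot: In the second hunk (ports 3001/3031) the context line above `CA_CERT_TLS_PATH` reads `value: "/etc/tls/ctls.key"`, presumably the `TLS_KEY_PATH` of that container, while the first hunk uses `"/etc/tls/tls.key"` in the same position. If the mounted secret uses the usual `tls.crt`/`tls.key`/`ca.crt` names, this looks like a typo that stops the TLS listener from loading its key, and the ports added here would never serve. I would change it to `value: "/etc/tls/tls.key"` in this commit; litmus-without-resources.yaml newly adds the same `ctls.key` value and needs the same correction.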
90 changes: 61 additions & 29 deletions chaoscenter/manifests/litmus-without-resources.yaml
@@ -16,6 +16,13 @@ data:
DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
VERSION: "ci"
SKIP_SSL_VERIFY: "false"
# Configurations if you are using dex for OAuth
DEX_ENABLED: "false"
OIDC_ISSUER: "http://<Your Domain>:32000"
DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
OAuthJwtSecret: "litmus-oauth@123"
---
apiVersion: v1
kind: ConfigMap
@@ -57,7 +64,15 @@ data:
error_log /var/log/nginx/error.log;
server {
listen 8185 default_server;
listen 8185 ssl;
ssl_certificate /etc/tls/tls.crt;
ssl_certificate_key /etc/tls/tls.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_client_certificate /etc/tls/ca.crt;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
root /opt/chaos;
location /health {
@@ -79,23 +94,31 @@ data:
}
location /auth/ {
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://litmusportal-auth-server-service:9003/";
proxy_pass "https://litmusportal-auth-server-service:9005/";
proxy_ssl_certificate /etc/tls/tls.crt;
proxy_ssl_certificate_key /etc/tls/tls.key;
}
location /api/ {
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://litmusportal-server-service:9002/";
proxy_pass "https://litmusportal-server-service:9004/";
proxy_ssl_certificate /etc/tls/tls.crt;
proxy_ssl_certificate_key /etc/tls/tls.key;
}
}
}
@@ -131,10 +154,15 @@ spec:
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- mountPath: /etc/tls
name: tls-secret
volumes:
- name: nginx-config
configMap:
name: litmusportal-frontend-nginx-configuration
- name: tls-secret
secret:
secretName: tls-secret
---
apiVersion: v1
kind: Service
@@ -171,6 +199,9 @@ spec:
emptyDir: {}
- name: hub-storage
emptyDir: {}
- name: tls-secret
secret:
secretName: tls-secret
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:ci
@@ -179,6 +210,8 @@ spec:
name: gitops-storage
- mountPath: /tmp/version
name: hub-storage
- mountPath: /etc/tls
name: tls-secret
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
@@ -228,18 +261,20 @@ spec:
- name: INFRA_COMPATIBLE_VERSIONS
value: '["ci"]'
- name: ALLOWED_ORIGINS
value: ".*"
value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
- name: ENABLE_INTERNAL_TLS
value: "false"
value: "true"
- name: TLS_CERT_PATH
value: ""
value: "/etc/tls/tls.crt"
- name: TLS_KEY_PATH
value: ""
value: "/etc/tls/tls.key"
- name: CA_CERT_TLS_PATH
value: ""
value: "/etc/tls/ca.crt"
- name: REST_PORT
value: 8081
- name: GRPC_PORT
value: 8001
ports:
- containerPort: 8080
- containerPort: 8000
- containerPort: 8081
- containerPort: 8001
imagePullPolicy: Always
@@ -270,12 +305,6 @@ metadata:
spec:
type: NodePort
ports:
- name: graphql-server
port: 9002
targetPort: 8080
- name: graphql-rpc-server
port: 8000
targetPort: 8000
- name: graphql-server-https
port: 9004
targetPort: 8081
@@ -301,9 +330,16 @@ spec:
labels:
component: litmusportal-auth-server
spec:
volumes:
- name: tls-secret
secret:
secretName: tls-secret
automountServiceAccountToken: false
containers:
- name: auth-server
volumeMounts:
- mountPath: /etc/tls
name: tls-secret
image: litmuschaos/litmusportal-auth-server:ci
securityContext:
runAsUser: 2000
@@ -327,18 +363,20 @@ spec:
- name: LITMUS_GQL_GRPC_PORT
value: ":8000"
- name: ALLOWED_ORIGINS
value: ".*"
value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" #ip needs to added here
- name: ENABLE_INTERNAL_TLS
value: "false"
value: "true"
- name: TLS_CERT_PATH
value: ""
value: "/etc/tls/tls.crt"
- name: TLS_KEY_PATH
value: ""
value: "/etc/tls/ctls.key"
- name: CA_CERT_TLS_PATH
value: ""
value: "/etc/tls/ca.crt"
- name: REST_PORT
value: 3001
- name: GRPC_PORT
value: 3031
ports:
- containerPort: 3000
- containerPort: 3030
- containerPort: 3001
- containerPort: 3031
imagePullPolicy: Always
@@ -373,12 +411,6 @@ metadata:
spec:
type: NodePort
ports:
- name: auth-server
port: 9003
targetPort: 3000
- name: auth-rpc-server
port: 3030
targetPort: 3030
- name: auth-server-https
port: 9005
targetPort: 3001
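Review bot: The first hunk adds `DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"` and `OAuthJwtSecret: "litmus-oauth@123"` as literal values under `data:`, so every install from this manifest shares the same publicly known client and signing secrets unless the operator edits them. With plain values like `DB_SERVER` beside them this looks like a ConfigMap; these two keys belong in a Secret generated at install time, or at minimum should be placeholders such as `"<replace-before-deploy>"` with a comment saying so. Separately, both locations that now `proxy_pass` to `https://…` carry `proxy_ssl_verify off;`, which encrypts the hop but does not authenticate the backend. Since `/etc/tls/ca.crt` is mounted into the frontend by this change, `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate /etc/tls/ca.crt;` would close that gap.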
