auth0 changes added

sourcefuse · Oct 1, 2024 · bb0f858 · bb0f858
1 parent 857518e
commit bb0f858
Show file tree

Hide file tree

Showing 100 changed files with 4,704 additions and 0 deletions.
diff --git a/...ples/bridge/tenant-helm-chart/.helmignore → ...ridge/tenant-helm-chart/auth0/.helmignore b/...ples/bridge/tenant-helm-chart/.helmignore → ...ridge/tenant-helm-chart/auth0/.helmignore
diff --git a/...mples/bridge/tenant-helm-chart/Chart.yaml → ...bridge/tenant-helm-chart/auth0/Chart.yaml b/...mples/bridge/tenant-helm-chart/Chart.yaml → ...bridge/tenant-helm-chart/auth0/Chart.yaml
diff --git a/...amples/bridge/tenant-helm-chart/README.md → .../bridge/tenant-helm-chart/auth0/README.md b/...amples/bridge/tenant-helm-chart/README.md → .../bridge/tenant-helm-chart/auth0/README.md
diff --git a/.../tenant-helm-chart/templates/_helpers.tpl → ...t-helm-chart/auth0/templates/_helpers.tpl b/.../tenant-helm-chart/templates/_helpers.tpl → ...t-helm-chart/auth0/templates/_helpers.tpl
diff --git a/...t-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/...t-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
@@ -0,0 +1,244 @@
+{{- if .Values.authenticationService.enabled }}
+---
+#Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "helm.fullname" . }}-authentication-service
+  labels:
+    app: {{ include "helm.fullname" . }}
+    Tenant: {{ .Values.tenant }}
+    Tenant_ID: {{ .Values.tenantID }}
+spec:
+  replicas: {{ .Values.authenticationService.replicaCount }}
+  strategy:
+    type: {{ .Values.strategy.type }}
+    rollingUpdate:
+      maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+      maxSurge: {{ .Values.strategy.maxSurge }}
+  selector:
+    matchLabels:
+      app: {{ include "helm.fullname" . }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }}
+        prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics
+{{- if .Values.extraAnnotations }} 
+{{ toYaml .Values.extraAnnotations | indent 8 }} 
+{{- end }}
+      labels:
+        app: {{ include "helm.fullname" . }}
+        component: authentication-service
+        Tenant: {{ .Values.tenant }}
+        Tenant_ID: {{ .Values.tenantID }}
+    spec:
+      serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+      containers:
+        - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }}
+          resources:
+            {{- toYaml .Values.authenticationService.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.app.basePath }}/authentication-service
+              port: 3000
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.app.basePath }}/authentication-service
+              port: 3000
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+          name: {{ include "helm.fullname" . }}-authentication-service
+          image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }}
+          volumeMounts:
+          - name: my-api-token
+            mountPath: /mnt/api-token
+            readOnly: true
+          envFrom:
+          - configMapRef:
+              name: {{ include "helm.fullname" . }}-cm-authentication-service
+          env:
+          - name: DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_HOST
+          - name: DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_PORT
+          - name: DB_USER
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_USER
+          - name: DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_PASSWORD
+          - name: DB_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: AUTHENTICATION_SERVICE_DB_DATABASE
+          - name: DB_SCHEMA
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_SCHEMA
+          - name: FEATURE_DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_HOST
+          - name: FEATURE_DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_PORT
+          - name: FEATURE_DB_USER
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_USER
+          - name: FEATURE_DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_PASSWORD
+          - name: FEATURE_DB_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: FEATURE_DB_DATABASE
+          - name: FEATURE_DB_SCHEMA
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: DB_SCHEMA
+          - name: REDIS_HOST
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: REDIS_HOST
+          - name: REDIS_PORT
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: REDIS_PORT
+          - name: REDIS_URL
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: REDIS_HOST
+          - name: REDIS_PASSWORD
+            value: ""
+          - name: REDIS_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: REDIS_DATABASE
+          - name: JWT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: JWT_SECRET
+          - name: JWT_ISSUER
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: JWT_ISSUER
+{{- if .Values.imagePullSecret.enabled }}            
+      imagePullSecrets:
+      - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+      nodeSelector:
+        pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      volumes:
+        - name: my-api-token
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.authenticationService.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#HPA
+
+{{- if .Values.authenticationService.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "helm.fullname" . }}-authentication-service
+  labels:
+    app: {{ include "helm.fullname" . }}
+    component: authentication-service
+    Tenant: {{ .Values.tenant }}
+    Tenant_ID: {{ .Values.tenantID }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "helm.fullname" . }}-authentication-service
+  minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }}
+  metrics:
+  {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ . }}
+  {{- end }}
+  {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: AverageValue
+        averageValue: {{ . }}
+  {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "helm.fullname" . }}-authentication-service
+  labels:
+    app: {{ include "helm.fullname" . }}
+    Tenant: {{ .Values.tenant }}
+    Tenant_ID: {{ .Values.tenantID }}
+spec:
+  type: {{ .Values.authenticationService.service.type }}
+  ports:
+    - port: {{ .Values.authenticationService.service.port }}
+      targetPort: {{ .Values.authenticationService.service.targetPort }}
+      protocol: {{ .Values.authenticationService.service.protocol }}
+      name: web
+  selector:
+    app: {{ include "helm.fullname" . }}
+    component: authentication-service
+---
+{{- end }}
diff --git a/...chart/templates/authorization-policy.yaml → ...auth0/templates/authorization-policy.yaml b/...chart/templates/authorization-policy.yaml → ...auth0/templates/authorization-policy.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.authenticationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "helm.fullname" . }}-cm-authentication-service
+  labels:
+    app: {{ include "helm.fullname" . }}
+    Tenant: {{ .Values.tenant }}
+    Tenant_ID: {{ .Values.tenantID }}
+data:
+      PORT: '{{ .Values.authenticationService.port }}'
+      NODE_ENV: '{{ .Values.authenticationService.node_env }}'
+      LOG_LEVEL: '{{ .Values.authenticationService.log_level }}'
+      BASE_PATH: '{{ .Values.authenticationService.base_path }}'
+      DB_SSL: '{{ .Values.authenticationService.db_ssl }}'
+      PRIVATE_DECRYPTION_KEY: ''
+      JWT_PRIVATE_KEY: ''
+      JWT_PUBLIC_KEY: ''
+{{- end}}
diff --git a/...m-chart/templates/cm-feature-service.yaml → ...t/auth0/templates/cm-feature-service.yaml b/...m-chart/templates/cm-feature-service.yaml → ...t/auth0/templates/cm-feature-service.yaml
diff --git a/...-chart/templates/cm-frontend-service.yaml → .../auth0/templates/cm-frontend-service.yaml b/...-chart/templates/cm-frontend-service.yaml → .../auth0/templates/cm-frontend-service.yaml
diff --git a/...rt/templates/cm-notification-service.yaml → ...h0/templates/cm-notification-service.yaml b/...rt/templates/cm-notification-service.yaml → ...h0/templates/cm-notification-service.yaml
diff --git a/...art/templates/cm-user-tenant-service.yaml → ...th0/templates/cm-user-tenant-service.yaml b/...art/templates/cm-user-tenant-service.yaml → ...th0/templates/cm-user-tenant-service.yaml
diff --git a/...mplates/cm-video-confrencing-service.yaml → ...mplates/cm-video-confrencing-service.yaml b/...mplates/cm-video-confrencing-service.yaml → ...mplates/cm-video-confrencing-service.yaml
diff --git a/...templates/feature-service-deployment.yaml → ...templates/feature-service-deployment.yaml b/...templates/feature-service-deployment.yaml → ...templates/feature-service-deployment.yaml
diff --git a/...emplates/frontend-service-deployment.yaml → ...emplates/frontend-service-deployment.yaml b/...emplates/frontend-service-deployment.yaml → ...emplates/frontend-service-deployment.yaml
diff --git a/.../tenant-helm-chart/templates/gateway.yaml → ...t-helm-chart/auth0/templates/gateway.yaml b/.../tenant-helm-chart/templates/gateway.yaml → ...t-helm-chart/auth0/templates/gateway.yaml
diff --git a/...-chart/templates/hooks/migration-job.yaml → .../auth0/templates/hooks/migration-job.yaml b/...-chart/templates/hooks/migration-job.yaml → .../auth0/templates/hooks/migration-job.yaml
diff --git a/...helm-chart/templates/imagePullSecret.yaml → ...hart/auth0/templates/imagePullSecret.yaml b/...helm-chart/templates/imagePullSecret.yaml → ...hart/auth0/templates/imagePullSecret.yaml
diff --git a/.../templates/kuberhealthy-http-checker.yaml → .../templates/kuberhealthy-http-checker.yaml b/.../templates/kuberhealthy-http-checker.yaml → .../templates/kuberhealthy-http-checker.yaml
diff --git a/...ates/notification-service-deployment.yaml → ...ates/notification-service-deployment.yaml b/...ates/notification-service-deployment.yaml → ...ates/notification-service-deployment.yaml
diff --git a/...ant-helm-chart/templates/provisioner.yaml → ...lm-chart/auth0/templates/provisioner.yaml b/...ant-helm-chart/templates/provisioner.yaml → ...lm-chart/auth0/templates/provisioner.yaml
diff --git a/...tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/...tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
@@ -0,0 +1,117 @@
+---
+#namespace specific service account for 
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.tier }}-{{ .Values.tenant }}
+  labels:
+    {{- include "helm.labels" . | nindent 4 }}
+  annotations:
+    eks.amazonaws.com/role-arn: {{ .Values.arn }}
+
+---
+#custom resource to fetch the secrets from paramter store
+apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+kind: SecretProviderClass
+metadata:
+  name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+  labels:
+    {{- include "helm.labels" . | nindent 4 }}
+spec:
+  provider: aws
+  secretObjects:
+  - secretName: api-token
+    type: Opaque
+    data:
+    - objectName: db_host
+      key: DB_HOST
+    - objectName: db_port
+      key: DB_PORT
+    - objectName: db_user
+      key: DB_USER
+    - objectName: db_password
+      key: DB_PASSWORD
+    - objectName: db_schema
+      key: DB_SCHEMA
+    - objectName: redis_host
+      key: REDIS_HOST
+    - objectName: redis_port
+      key: REDIS_PORT
+    - objectName: redis_database
+      key: REDIS_DATABASE
+    - objectName: jwt_secret
+      key: JWT_SECRET
+    - objectName: jwt_issuer
+      key: JWT_ISSUER
+    - objectName: authentication_service_db_database
+      key: AUTHENTICATION_SERVICE_DB_DATABASE
+    - objectName: feature_db_database
+      key: FEATURE_DB_DATABASE
+    - objectName: video_confrencing_service_db_database
+      key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE
+    - objectName: notification_service_db_database
+    - objectName: vonage-api-key-secret
+      key: VONAGE_API_KEY_SECRET
+    - objectName: pubnub-pub-key
+      key: PUBNUB_PUB_KEY
+    - objectName: pubnub-sub-key
+      key: PUBNUB_SUB_KEY
+    - objectName: pubnub-secret-key
+      key: PUBNUB_SECRET_KEY
+  parameters:
+#    region: us-west-2
+    objects: |
+      - objectName: {{ .Values.dbhost }}
+        objectType: ssmparameter
+        objectAlias: db_host
+      - objectName: {{ .Values.dbport }}
+        objectType: ssmparameter
+        objectAlias: db_port
+      - objectName: {{ .Values.dbuser }}
+        objectType: ssmparameter
+        objectAlias: db_user
+      - objectName: {{ .Values.dbpassword }}
+        objectType: ssmparameter
+        objectAlias: db_password
+      - objectName: {{ .Values.dbschema }}
+        objectType: ssmparameter
+        objectAlias: db_schema
+      - objectName: {{ .Values.redishost }}
+        objectType: ssmparameter
+        objectAlias: redis_host
+      - objectName: {{ .Values.redisport }}
+        objectType: ssmparameter
+        objectAlias: redis_port
+      - objectName: {{ .Values.redisdatabase }}
+        objectType: ssmparameter
+        objectAlias: redis_database
+      - objectName: {{ .Values.jwtsecret }}
+        objectType: ssmparameter
+        objectAlias: jwt_secret
+      - objectName: {{ .Values.jwtissuer }}
+        objectType: ssmparameter
+        objectAlias: jwt_issuer
+      - objectName: {{ .Values.authenticationdbdatabase }}
+        objectType: ssmparameter
+        objectAlias: authentication_service_db_database
+      - objectName: {{ .Values.featuredbdatabase }}
+        objectType: ssmparameter
+        objectAlias: feature_db_database
+      - objectName: {{ .Values.notificationdbdatabase }}
+        objectType: ssmparameter
+        objectAlias: notification_service_db_database
+      - objectName: {{ .Values.videoconfrencingdbdatabase }}
+        objectType: ssmparameter
+        objectAlias: video_confrencing_service_db_database
+      - objectName: {{ .Values.vonageSecret }}
+        objectType: ssmparameter
+        objectAlias: vonage-api-key-secret
+      - objectName: {{ .Values.pubnubPubKey }}
+        objectType: ssmparameter
+        objectAlias: pubnub-pub-key
+      - objectName: {{ .Values.pubnubSubKey }}
+        objectType: ssmparameter
+        objectAlias: pubnub-sub-key
+      - objectName: {{ .Values.pubnubSecretKey }}
+        objectType: ssmparameter
+        objectAlias: pubnub-secret-key